OK, pushed this set.

On 09/10/2013 12:57 PM, David Smith wrote:
until now -- ack!


On Tue, Sep 10, 2013 at 12:55 PM, Maura Dailey <[email protected]> wrote:

    No one's ACKED these.

    - Maura Dailey

    On 08/30/2013 01:41 PM, Maura Dailey wrote:

        Added test checks for set of partition checks.

        Signed-off-by: Maura Dailey <[email protected]>
        ---
          RHEL6/input/checks/partition_for_home.xml          | 18
        ++++++++++--------
          RHEL6/input/checks/partition_for_tmp.xml           | 14
        ++++++++------
          RHEL6/input/checks/partition_for_var.xml           | 18
        ++++++++++--------
          RHEL6/input/checks/partition_for_var_log.xml       | 12
        +++++++-----
          RHEL6/input/checks/partition_for_var_log_audit.xml | 18
        +++++++++++-------
          5 files changed, 46 insertions(+), 34 deletions(-)

        diff --git a/RHEL6/input/checks/partition_for_home.xml
        b/RHEL6/input/checks/partition_for_home.xml
        index b784316..2081d18 100644
        --- a/RHEL6/input/checks/partition_for_home.xml
        +++ b/RHEL6/input/checks/partition_for_home.xml
        @@ -5,20 +5,22 @@
                <affected family="unix">
                  <platform>Red Hat Enterprise Linux 6</platform>
                </affected>
        -      <description>If user home directories will be stored
        locally,
        -      create a separate partition for /home. If /home will be
        mounted
        -      from another system such as an NFS server, then
        creating a separate
        -      partition is not necessary at this time, and the
        mountpoint can
        -      instead be configured later.</description>
        +      <description>If user home directories will be stored
        locally, create a
        +      separate partition for /home. If /home will be mounted
        from another
        +      system such as an NFS server, then creating a separate
        partition is not
        +      necessary at this time, and the mountpoint can instead
        be configured
        +      later.</description>
        +      <reference source="MED" ref_id="20130830"
        ref_url="test_attestation" />
              </metadata>
              <criteria>
                <criterion test_ref="test_home_partition"
        comment="/home on own partition" />
              </criteria>
            </definition>
        -  <linux:partition_test check="all"
        check_existence="all_exist" id="test_home_partition"
        version="1" comment="/home on own partition">
        -      <linux:object
        object_ref="object_mount_home_own_partition" />
        +  <linux:partition_test check="all" check_existence="all_exist"
        +  id="test_home_partition" version="1" comment="/home on own
        partition">
        +    <linux:object object_ref="object_mount_home_own_partition" />
            </linux:partition_test>
            <linux:partition_object
        id="object_mount_home_own_partition" version="1">
        -      <linux:mount_point>/home</linux:mount_point>
        +    <linux:mount_point>/home</linux:mount_point>
            </linux:partition_object>
          </def-group>
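
Review bot: The added <reference source="MED" ref_id="20130830" ref_url="test_attestation" /> line in the metadata block carries values whose meaning is not explained anywhere in the patch: ref_url holds a token rather than a URL, and source and ref_id read like initials and a date. The commit message says only "Added test checks", which does not describe what this element records. Please expand the commit message (or add an XML comment next to the element) to state what a test_attestation reference asserts, who MED is, and what was verified on that date, so a later reader can tell a tested check from an untested one.
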
        diff --git a/RHEL6/input/checks/partition_for_tmp.xml
        b/RHEL6/input/checks/partition_for_tmp.xml
        index de93ee9..9c28c13 100644
        --- a/RHEL6/input/checks/partition_for_tmp.xml
        +++ b/RHEL6/input/checks/partition_for_tmp.xml
        @@ -5,18 +5,20 @@
                <affected family="unix">
                  <platform>Red Hat Enterprise Linux 6</platform>
                </affected>
        -      <description>The /tmp directory is a world-writable
        directory
        -      used for temporary file storage. Verify that it has its own
        -      partition or logical volume.</description>
        +      <description>The /tmp directory is a world-writable
        directory used for
        +      temporary file storage. Verify that it has its own
        partition or logical
        +      volume.</description>
        +      <reference source="MED" ref_id="20130830"
        ref_url="test_attestation" />
              </metadata>
              <criteria>
                <criterion test_ref="test_tmp_partition" comment="/tmp
        on own partition" />
              </criteria>
            </definition>
        -  <linux:partition_test check="all"
        check_existence="all_exist" id="test_tmp_partition"
        version="1" comment="/tmp on own partition">
        -      <linux:object object_ref="object_own_tmp_partition" />
        +  <linux:partition_test check="all" check_existence="all_exist"
        +  id="test_tmp_partition" version="1" comment="/tmp on own
        partition">
        +    <linux:object object_ref="object_own_tmp_partition" />
            </linux:partition_test>
            <linux:partition_object id="object_own_tmp_partition"
        version="1">
        -      <linux:mount_point>/tmp</linux:mount_point>
        +    <linux:mount_point>/tmp</linux:mount_point>
            </linux:partition_object>
          </def-group>
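
Review bot: The rewrapped <linux:partition_test> opening tag puts its continuation line (id="test_tmp_partition" version="1" comment=...) at the same two-space indent as the element itself, so the attributes line up with the tag name and with the closing </linux:partition_test>. Indenting the continuation further than the element start (for example under the first attribute) would make it clear at a glance that the second line is still part of the opening tag and not a sibling node.
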
        diff --git a/RHEL6/input/checks/partition_for_var.xml
        b/RHEL6/input/checks/partition_for_var.xml
        index 58089ab..2ed1d38 100644
        --- a/RHEL6/input/checks/partition_for_var.xml
        +++ b/RHEL6/input/checks/partition_for_var.xml
        @@ -5,20 +5,22 @@
                <affected family="unix">
                  <platform>Red Hat Enterprise Linux 6</platform>
                </affected>
        -      <description>Ensuring that /var is mounted on its own
        partition enables the
        -      setting of more restrictive mount options, which is
        used as temporary
        -      storage by many program, particularly system services
        such as daemons.
        -      It is not uncommon for the /var directory to contain
        world-writable directories,
        -      installed by other software packages.</description>
        +      <description>Ensuring that /var is mounted on its own
        partition enables
        +      the setting of more restrictive mount options, which is
        used as temporary
        +      storage by many program, particularly system services
        such as daemons. It
        +      is not uncommon for the /var directory to contain
        world-writable
        +      directories, installed by other software
        packages.</description>
        +      <reference source="MED" ref_id="20130830"
        ref_url="test_attestation" />
              </metadata>
              <criteria>
                <criterion test_ref="test_var_partition" comment="/var
        on own partition" />
              </criteria>
            </definition>
        -  <linux:partition_test check="all"
        check_existence="all_exist" id="test_var_partition"
        version="1" comment="/var on own partition">
        -      <linux:object
        object_ref="object_mount_var_own_partition" />
        +  <linux:partition_test check="all" check_existence="all_exist"
        +  id="test_var_partition" version="1" comment="/var on own
        partition">
        +    <linux:object object_ref="object_mount_var_own_partition" />
            </linux:partition_test>
            <linux:partition_object
        id="object_mount_var_own_partition" version="1">
        -      <linux:mount_point>/var</linux:mount_point>
        +    <linux:mount_point>/var</linux:mount_point>
            </linux:partition_object>
          </def-group>
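
Review bot: The reflowed description still carries the wording problems of the old text: "which is used as temporary storage by many program" attaches the clause to "mount options" when it is meant to describe /var, and "many program" should be plural. Since these lines are being rewritten anyway, this is the moment to fix the sentence, for example by splitting it so that one sentence says a separate /var partition allows more restrictive mount options and the next says /var is used as temporary storage by many programs.
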
        diff --git a/RHEL6/input/checks/partition_for_var_log.xml
        b/RHEL6/input/checks/partition_for_var_log.xml
        index 8a8a6f4..94d235b 100644
        --- a/RHEL6/input/checks/partition_for_var_log.xml
        +++ b/RHEL6/input/checks/partition_for_var_log.xml
        @@ -5,17 +5,19 @@
                <affected family="unix">
                  <platform>Red Hat Enterprise Linux 6</platform>
                </affected>
        -      <description>System logs are stored in the /var/log
        directory.
        -      Ensure that it has its own partition or logical
        volume.</description>
        +      <description>System logs are stored in the /var/log
        directory. Ensure
        +      that it has its own partition or logical
        volume.</description>
        +      <reference source="MED" ref_id="20130830"
        ref_url="test_attestation" />
              </metadata>
              <criteria>
                <criterion test_ref="test_var_log_partition"
        comment="/var/log on own partition" />
              </criteria>
            </definition>
        -  <linux:partition_test check="all"
        check_existence="all_exist" id="test_var_log_partition"
        version="1" comment="/var/log on own partition">
        -      <linux:object
        object_ref="object_mount_var_log_own_partition" />
        +  <linux:partition_test check="all" check_existence="all_exist"
        +  id="test_var_log_partition" version="1" comment="/var/log
        on own partition">
        +    <linux:object
        object_ref="object_mount_var_log_own_partition" />
            </linux:partition_test>
            <linux:partition_object
        id="object_mount_var_log_own_partition" version="1">
        -      <linux:mount_point>/var/log</linux:mount_point>
        +    <linux:mount_point>/var/log</linux:mount_point>
            </linux:partition_object>
          </def-group>
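
Review bot: The only non-whitespace change in this hunk is the added <reference ... ref_url="test_attestation" /> line; the description, the partition_test tag and the mount_point element are rewrapped or re-indented with no change in content. Mixing the two makes the attestation hard to audit from the history, because every touched line has to be compared by eye to confirm the check logic did not change. Consider splitting this into a whitespace-only commit and a second commit that adds just the reference element.
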
        diff --git
        a/RHEL6/input/checks/partition_for_var_log_audit.xml
        b/RHEL6/input/checks/partition_for_var_log_audit.xml
        index e88ceba..b7a7d68 100644
        --- a/RHEL6/input/checks/partition_for_var_log_audit.xml
        +++ b/RHEL6/input/checks/partition_for_var_log_audit.xml
        @@ -6,18 +6,22 @@
                  <platform>Red Hat Enterprise Linux 6</platform>
                </affected>
                <description>Audit logs are stored in the
        /var/log/audit directory.
        -      Ensure that it has its own partition or logical volume.
        Make
        -      absolutely certain that it is large enough to store all
        audit logs
        -      that will be created by the auditing daemon.</description>
        +      Ensure that it has its own partition or logical volume.
        Make absolutely
        +      certain that it is large enough to store all audit logs
        that will be
        +      created by the auditing daemon.</description>
        +      <reference source="MED" ref_id="20130830"
        ref_url="test_attestation" />
              </metadata>
              <criteria>
                <criterion test_ref="test_var_log_audit_partition"
        comment="/var/log/audit on own partition" />
              </criteria>
            </definition>
        -  <linux:partition_test check="all"
        check_existence="all_exist" id="test_var_log_audit_partition"
        version="1" comment="check for /var/log/audit partition">
        -      <linux:object
        object_ref="object_mount_var_log_audit_own_partition" />
        +  <linux:partition_test check="all" check_existence="all_exist"
        +  id="test_var_log_audit_partition" version="1"
        +  comment="check for /var/log/audit partition">
        +    <linux:object
        object_ref="object_mount_var_log_audit_own_partition" />
            </linux:partition_test>
        -  <linux:partition_object
        id="object_mount_var_log_audit_own_partition" version="1">
        -      <linux:mount_point>/var/log/audit</linux:mount_point>
        +  <linux:partition_object
        id="object_mount_var_log_audit_own_partition"
        +  version="1">
        +    <linux:mount_point>/var/log/audit</linux:mount_point>
            </linux:partition_object>
          </def-group>
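
Review bot: On the rewritten partition_test tag, comment="check for /var/log/audit partition" does not match the criterion that references it, which reads comment="/var/log/audit on own partition". The line is being touched here anyway, so aligning the test comment with the criterion comment would keep scanner output and reports consistent for this check.
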


    _______________________________________________
    scap-security-guide mailing list
    [email protected]
    https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide



